Wireshark-dev: Re: [Wireshark-dev] cleanup_dissection() called both on cf_close and cf_open()

From: Evan Huus <eapache@xxxxxxxxx>
Date: Mon, 25 Mar 2013 15:48:45 -0400
On Mon, Mar 25, 2013 at 3:37 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> On 3/24/13 7:37 AM, Anders Broman wrote:
>> Hi,
>> Looking into address resolution I found that the hosts file is read
>> multiple times partly because it's part of cleanup_dissection() which
>> is called both on cf_open() and cf_close().
>>
>> Should cleanup_dissection() take an argument showing whether it's a file
>> open or file close operation and different measures taken at least when
>> it comes to the host_name_lookup...?
>
> This is partly my fault, resulting from switching to seasonal memory for
> name resolution in r45511. We call se_free_all() a lot, which means
> calling host_name_lookup_init() a lot. It might be better to use a
> different allocator for resolved addresses or to delay reading any hosts
> files somehow. Either way we need to make sure resolved addresses don't
> leak from one capture to the next.

See also bug #8349 (if the user exports a filtered subset of the
capture, only resolved names relevant to that subset should be
exported).

I think, in general, the resolved addresses that get written out on
save should be based on which packets get written out, not on which
names we have cached (looks like we'll need another member for
frame_data, oh joy).

Once that's done properly then we can look at cleaning up the caching
logic so that we don't have to keep rereading the hosts file. I
suspect the simplest and best method is to never flush the cache - I
can't imagine it getting unreasonably large, and it means we never
have to look up the same address twice.

Evan
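
The approach discussed in this thread, sketched as an added example that is not part of the original messages and is not Wireshark's code: a name cache that is never flushed, combined with an export step that emits only names for addresses in packets actually written, so cached names cannot leak into another capture's output. All types and function names here (`name_entry`, `packet`, `cache_add`, `cache_lookup`, `export_names`) are hypothetical, and the sample data is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for illustration; not Wireshark's frame_data or resolver. */
typedef struct { uint32_t addr; const char *name; } name_entry;
typedef struct { uint32_t src, dst; int written; } packet;
#define CACHE_MAX 64
static name_entry cache[CACHE_MAX];  /* process-wide cache, never flushed */
static size_t cache_len;

/* Insert or update a resolved name. Returns 0, or -1 when the cache is full. */
int cache_add(uint32_t addr, const char *name) {
    for (size_t i = 0; i < cache_len; i++)
        if (cache[i].addr == addr) { cache[i].name = name; return 0; }
    if (cache_len == CACHE_MAX) return -1;
    cache[cache_len++] = (name_entry){ addr, name };
    return 0;
}

const char *cache_lookup(uint32_t addr) {
    for (size_t i = 0; i < cache_len; i++)
        if (cache[i].addr == addr) return cache[i].name;
    return NULL;
}

/* Copy into out[] only names for addresses seen in packets marked written.
 * Cached names from other packets or earlier captures are never emitted. */
size_t export_names(const packet *p, size_t n, name_entry *out, size_t max) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (!p[i].written) continue;
        const uint32_t addrs[2] = { p[i].src, p[i].dst };
        for (int k = 0; k < 2; k++) {
            const char *nm = cache_lookup(addrs[k]);
            size_t j = 0; while (j < count && out[j].addr != addrs[k]) j++;  /* dedupe */
            if (nm && j == count && count < max)
                out[count++] = (name_entry){ addrs[k], nm };
        }
    }
    return count;
}

int main(void) {  /* constructed sample data */
    cache_add(0x0a000001, "files.example"); cache_add(0x0a000002, "hr-db.example");
    packet pkts[] = { {0x0a000001, 0x0a000003, 1}, {0x0a000002, 0x0a000001, 0} };
    name_entry out[4];
    printf("%zu name(s) exported\n", export_names(pkts, 2, out, 4));
    return 0;
}
```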